Jeff Mitchell
606ba64e23
Remove context-as-nonce, add docs, and properly support datakey
2016-08-07 15:53:40 -04:00
Jeff Mitchell
1976bc0534
Add unit tests for convergence in non-context mode
2016-08-07 15:16:36 -04:00
Jeff Mitchell
8b1d47037e
Refactor convergent encryption to make specifying a nonce in addition to context possible
2016-08-05 17:52:44 -04:00
Vincent Batoufflet
0b73c2ff9a
Fix PKI logical backend email alt_names
2016-08-04 12:10:34 +02:00
Jeff Mitchell
58e9cbbfc6
Add postgres test for block statements
2016-08-03 15:34:50 -04:00
Jeff Mitchell
9e204bd88c
Add arbitrary string slice parsing.
...
Like the KV function, this supports either separated strings or JSON
strings, base64-encoded or not.
Fixes #1619 in theory.
2016-08-03 14:24:16 -04:00
vishalnayak
cff7aada7a
Fix invalid input getting marked as internal error
2016-07-28 16:23:11 -04:00
Jeff Mitchell
e0c5f5f5fa
Add convergence tests to transit backend
2016-07-28 11:30:52 -04:00
Laura Bennett
559b0a5006
Merge pull request #1635 from hashicorp/mysql-idle-conns
...
Added maximum idle connections to mysql to close hashicorp/vault#1616
2016-07-20 15:31:37 -04:00
Jeff Mitchell
b558c35943
Set defaults to handle upgrade cases.
...
Ping #1604
2016-07-20 14:07:19 -04:00
Jeff Mitchell
f2b6569b0b
Merge pull request #1604 from memory/mysql-displayname-2
...
concat role name and token displayname to form mysql username
2016-07-20 14:02:17 -04:00
Nathan J. Mehl
ea294f1d27
use both role name and token display name to form mysql username
2016-07-20 10:17:00 -07:00
Laura Bennett
e6bf4fa489
whitespace error corrected
2016-07-20 12:00:05 -04:00
Nathan J. Mehl
0483457ad2
respond to feedback from @vishalnayak
...
- split out usernameLength and displaynameLength truncation values,
as they are different things
- fetch username and displayname lengths from the role, not from
the request parameters
- add appropriate defaults for username and displayname lengths
2016-07-20 06:36:51 -07:00
Laura Bennett
7cdb8a28bc
max_idle_connections added
2016-07-20 09:26:26 -04:00
Laura Bennett
03c7eb7d18
initial commit before rebase to stay current with master
2016-07-19 14:18:37 -04:00
Jeff Mitchell
30ca541f99
Merge pull request #1414 from mhurne/mongodb-secret-backend
...
Add mongodb secret backend
2016-07-19 13:56:15 -04:00
Jeff Mitchell
3334b22993
Some minor linting
2016-07-19 13:54:18 -04:00
Matt Hurne
0f9ee8fbed
Merge branch 'master' into mongodb-secret-backend
2016-07-19 12:47:58 -04:00
Matt Hurne
072c5bc915
mongodb secret backend: Remove redundant type declarations
2016-07-19 12:35:14 -04:00
Matt Hurne
c7d42cb112
mongodb secret backend: Fix broken tests, clean up unused parameters
2016-07-19 12:26:23 -04:00
Vishal Nayak
fbb04349b5
Merge pull request #1629 from hashicorp/remove-verify-connection
...
Remove unused VerifyConnection from storage entries of SQL backends
2016-07-19 12:21:23 -04:00
Vishal Nayak
8a1bb1626a
Merge pull request #1583 from hashicorp/ssh-allowed-roles
...
Add allowed_roles to ssh-helper-config and return role name from verify call
2016-07-19 12:04:12 -04:00
vishalnayak
7fb04a1bbd
Remove unused VerifyConnection from storage entries of SQL backends
2016-07-19 11:55:49 -04:00
Matt Hurne
316837857b
mongodb secret backend: Return lease ttl and max_ttl in lease read in seconds rather than as duration strings
2016-07-19 11:23:56 -04:00
Matt Hurne
f18d98272d
mongodb secret backend: Don't bother persisting verify_connection field in connection config
2016-07-19 11:20:45 -04:00
Matt Hurne
f8e6bcbb69
mongodb secret backend: Handle cases where stored username or db is not a string as expected when revoking credentials
2016-07-19 11:18:00 -04:00
Matt Hurne
75a5fbd8fe
Merge branch 'master' into mongodb-secret-backend
2016-07-19 10:38:45 -04:00
Jeff Mitchell
434ed2faf2
Merge pull request #1573 from mickhansen/logical-postgresql-revoke-sequences
...
handle revocations for roles that have privileges on sequences
2016-07-18 13:30:42 -04:00
vishalnayak
c14235b206
Merge branch 'master-oss' into json-use-number
...
Conflicts:
http/handler.go
logical/framework/field_data.go
logical/framework/wal.go
vault/logical_passthrough.go
2016-07-15 19:21:55 -04:00
Vishal Nayak
cdf58da43b
Merge pull request #1610 from hashicorp/min-tls-ver-12
...
Set minimum TLS version in all tls.Config objects
2016-07-13 10:53:14 -06:00
vishalnayak
09a4142fd3
Handled upgrade path for TLSMinVersion
2016-07-13 12:42:51 -04:00
Vishal Nayak
9f1e6c7b26
Merge pull request #1607 from hashicorp/standardize-time
...
Remove redundant invocations of UTC() call on `time.Time` objects
2016-07-13 10:19:23 -06:00
vishalnayak
de19314f18
Address review feedback
2016-07-13 11:52:26 -04:00
vishalnayak
407722a9b4
Added tls_min_version to consul storage backend
2016-07-12 20:10:54 -04:00
Nathan J. Mehl
314a5ecec0
allow overriding the default truncation length for mysql usernames
...
see https://github.com/hashicorp/vault/issues/1605
2016-07-12 17:05:43 -07:00
vishalnayak
f34f0ef503
Make 'tls_min_version' configurable
2016-07-12 19:32:47 -04:00
vishalnayak
46d34130ac
Set minimum TLS version in all tls.Config objects
2016-07-12 17:06:28 -04:00
vishalnayak
8269f323d3
Revert 'risky' changes
2016-07-12 16:38:07 -04:00
Jeff Mitchell
57cdb58374
Switch to pester from go-retryablehttp to avoid swallowing 500 error messages
2016-07-11 21:37:46 +00:00
Mick Hansen
9ee4542a7c
incorporate code style guidelines
2016-07-11 13:35:35 +02:00
Mick Hansen
c25788e1d4
handle revocations for roles that have privileges on sequences
2016-07-11 13:16:45 +02:00
Nathan J. Mehl
2cf4490b37
use role name rather than token displayname in generated mysql usernames
...
If a single token generates multiple myself roles, the generated mysql
username was previously prepended with the displayname of the vault
user; this makes the output of `show processlist` in mysql potentially
difficult to correlate with the roles actually in use without cross-
checking against the vault audit log.
See https://github.com/hashicorp/vault/pull/1603 for further discussion.
2016-07-10 15:57:47 -07:00
Matt Hurne
6505e85dae
mongodb secret backend: Improve safety of MongoDB roles storage
2016-07-09 21:12:42 -04:00
vishalnayak
e09b40e155
Remove Unix() invocations on 'time.Time' objects and removed conversion of time to UTC
2016-07-08 18:30:18 -04:00
Matt Hurne
bb8a45eb8b
Format code in mongodb secret backend
2016-07-07 23:16:11 -04:00
Matt Hurne
8d5a7992c1
mongodb secret backend: Improve and correct errors in documentation; improve "parameter is required" error response messages
2016-07-07 23:09:45 -04:00
Matt Hurne
eee6f04e40
mongodb secret backend: Refactor to eliminate unnecessary variable
2016-07-07 22:29:17 -04:00
Matt Hurne
ce845df43c
mongodb secret backend: Consider a "user not found" response a success when removing a user from Mongo
2016-07-07 22:27:47 -04:00
Matt Hurne
138d74f745
mongodb secret backend: Improve roles path help
2016-07-07 22:16:34 -04:00